Login

openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)

High Nessus Plugin ID 75787

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes several security issues in the Apache webserver.The patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded, the complete content is served. default: 200 0|unlimited: unlimited none: Range headers are ignored. This option is a backport from 2.2.21.Also fixed: CVE-2011-3348: Denial of service in proxy_ajp when using a undefined method.CVE-2011-3368: Exposure of internal servers via reverse proxy methods with mod_proxy enabled and incorrect Rewrite or Proxy Rules.